To protect communication in networks, suitable cryptographic methods are usually used, which in general may be subdivided into two categories: symmetrical methods, in which transmitter and receiver possess the same encryption key, and asymmetrical methods, in which the transmitter encrypts the data to be transmitted using a public key of the receiver (that is, a key that may also be known to a potential attacker), while decryption can be carried out only with an associated private key that ideally is known only to the legitimate receiver.
Asymmetrical methods have the disadvantage, inter alia, that as a rule, they feature very high computing complexity.
Consequently, they are of only limited suitability for resource-limited nodes such as sensors, actuators or other devices that usually possess only relatively small computing power and little memory, and that are intended to operate energy-efficiently, e.g., on battery power or using energy harvesting. Moreover, often only a limited bandwidth is available for transmitting data, which makes the exchange of asymmetrical keys with lengths of 2048 bits or even more unattractive.
When using symmetrical methods, on the other hand, it must be ensured that both the receiver and the transmitter possess the same key. In this case, the associated key management generally represents a very demanding task. In the realm of mobile radiocommunications, for example, keys are introduced into a mobile telephone with the aid of SIM cards, and the associated network is then able to assign the appropriate key to the unique identification of a SIM card. In the case of wireless LANs, on the other hand, the keys to be used are usually input manually (“pre-shared keys”, established as a rule by the input of a password) upon setting up a network. However, such key management quickly becomes very costly and impracticable with a very large number of nodes, e.g., in a sensor network or other machine-to-machine communication systems. In addition, a change of the keys to be used is often not possible at all, or possible only at great expense.
That is why, for some time, innovative approaches have been tested and developed under the catchphrase “physical layer security”, with whose aid keys for symmetrical methods can be generated automatically on the basis of the transmission channels between the nodes involved. The ascertainment of random numbers or pseudo-random numbers from channel parameters is described, for example, in PCT Application No. WO 1996023376 A2, and the generation of secret keys is described, for example, in PCT Application No. WO 2006081122 A2 and German Patent Application No. DE 102012215326 A1.
Typically, the initial bit sequences derived from the transmission-channel properties in the devices involved are (strongly) correlated, but not identical. However, since symmetrical cryptography requires identical keys, a key-matching process is necessary. In this process, information about the quantized bit sequences may be exchanged and reconciled, the intention being to disclose as little as possible about the sequences, and about the keys to be derived from them, to potential attackers that could be listening surreptitiously to the communication exchanged. Two approaches for this are the use of a CASCADE protocol or the use of error correction codes.
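
The key-matching step with an error correction code, as an added example that is not part of the original text: Alice discloses only the 3-bit syndrome of each 7-bit block, and Bob uses it to locate and flip a single mismatched bit; a second case shows two mismatches in one block defeating the code. The choice of Hamming(7,4), the sample bit strings, all function names and the final SHA-256 truncation are assumptions made for illustration.

```python
import hashlib

def syndrome(block):
    """3-bit Hamming(7,4) syndrome: XOR of the 1-based positions of set bits."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s

def alice_public_message(bits):
    """Syndromes Alice discloses on the public channel, one per 7-bit block."""
    return [syndrome(bits[i:i + 7]) for i in range(0, len(bits), 7)]

def bob_reconcile(bits, syndromes):
    """Correct at most one mismatch per 7-bit block using Alice's syndromes."""
    fixed = list(bits)
    for blk, s_alice in enumerate(syndromes):
        start = blk * 7
        diff = syndrome(fixed[start:start + 7]) ^ s_alice
        if diff:  # diff is the 1-based position of the differing bit
            fixed[start + diff - 1] ^= 1
    return fixed

def derive_key(bits, leaked_bits):
    """Assumed final step: hash, then keep no more bits than were not disclosed."""
    keep_bytes = (len(bits) - leaked_bits) // 8
    return hashlib.sha256(bytes(bits)).digest()[:keep_bytes]

def flip(bits, positions):
    """Copy of bits with the given 0-based positions inverted."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed sample data: 8 blocks of 7 bits as Alice's quantized sequence.
ALICE = [int(c) for c in
         "1011001 0110100 1110001 0101011 0011010 1110001 1010010 1101001"
         .replace(" ", "")]
BOB = flip(ALICE, {2, 11, 30})   # one mismatch in each of three blocks
BOB_BURST = flip(ALICE, {0, 1})  # two mismatches in one block: beyond the code

if __name__ == "__main__":
    msg = alice_public_message(ALICE)
    leaked = 3 * len(msg)        # every syndrome reveals 3 bits to a listener
    for name, seq in (("BOB", BOB), ("BOB_BURST", BOB_BURST)):
        fixed = bob_reconcile(seq, msg)
        same = derive_key(fixed, leaked) == derive_key(ALICE, leaked)
        print(name, "keys match:", same, "| bits disclosed:", leaked)
```

Of the 56 channel-derived bits, 24 are disclosed during reconciliation, which is why the derived key is cut to 32 bits here.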